How to prepare for post-quantum cryptography

The long-term security benefits of quantum computing have been highly touted. When commercially available, quantum computers will be able to support entirely new models of encryption. That type of quantum-based encryption would be virtually impossible to hack with today’s technologies.

The other side of that coin is a bit more frightening. Quantum computers will have the potential to crack current encryption algorithms, posing considerable risk to existing public key cryptography.

Lest we think the problem is far enough away to allow for a relatively relaxed period of strategizing, quantum computers are quickly transitioning from a futuristic goal to today’s reality. Earlier this year, IBM launched the first commercially available quantum computer, the 20-qubit IBM Q System One, with a goal of doubling quantum computing speeds every year.  The goal is to reach, within three to five years, “quantum supremacy” --  the point at which quantum computers overtake the problem-solving speed of today’s best traditional processors.

While there’s no need to start panicking, neither should government agencies play wait-and-see with their security as quantum computing gains ground.

NIST’s cryptography initiative: Why encryption models need to change

For a bit of background on some of the vocabulary above, quantum computing is not based on the traditional mathematical principles that govern classical computing. It is based on the science of quantum mechanics, where computations are driven by quantum bits, or qubits, rather than the simple binary digits of conventional computing.

Whereas the math used with binary bits produces discrete, fixed values, qubits can exist in multiple states at the same time. This is why quantum computing is so revolutionary: Qubits do not have a fixed value, instead existing in an indeterminate state. With so much fluidity, they can handle far greater complexity than the binary model.

Recognizing the threat that such computational power can have on security, the National Institute of Standards and Technology has been working to identify and standardize new quantum-resistant cryptographic algorithms.

This past January, NIST announced a narrowed-down list of 26 algorithms for potential standardization, with plans to evaluate and analyze these algorithms in real-world settings over the remainder of the year. These quantum-resistant algorithms will need to work on systems of all sizes -- from large computers to smart phones to small internet-of-things devices. 

When considering cryptographic algorithms, it’s important to keep in mind that current encryption relies mainly on two methods: asymmetric, such as RSA, and symmetric, such as AES. Encryption solutions often combine these methods, leveraging the strengths of both models for a faster, more secure overall approach.

In terms of data security, encryption models like RSA take a common approach based on mathematical principles -- specifically around factoring integers into prime numbers. The larger the prime numbers, the longer the encryption keys become, and the more difficult it becomes to break the code. This model can, in theory, keep scaling with larger prime numbers, but its usefulness is constrained by the computational limitations of classical computers.

Because quantum-resistant algorithms are rooted in quantum mechanics and developed with computational capabilities much greater than the factoring-based models built on mathematical principles, just continuing to build bigger encryption keys is not enough to safeguard data. The very basis of our approach to encryption must change.

Quantum-proofing your data and the need for crypto agility

With all of this in mind, there are some fundamental factors for IT teams to consider when assessing risk to data.

IT teams must determine how many years they need to keep their encrypted data. Assuming data must remain secure for years or even decades to come, there will be a race against the clock to make sure agency IT infrastructure is “quantum-safe” before large-scale quantum computers become readily available. The shorter agency leadership believes that quantum timeline to be, the greater the urgency for taking action.

Protecting data will involve implementing NIST-approved quantum-resistant algorithms on existing classical computers and reencrypting all agency data with those algorithms. Aside from the complexity of the technology, setting the standards for quantum-resistant algorithms is still in the early stages. Sticking to NIST-approved algorithms, therefore, is the best bet.

When procuring and deploying new technologies that utilize encryption, agencies must ensure these solutions are “crypto agile” (dependent on their shelf-life, of course). Crypto agility is the ability for technology to adopt another encryption method without changing the infrastructure. These agile solutions use traditional encryption methods today, but they can be easily modified to use quantum-resistant algorithms as they become available.

To be clear, the sky is not falling -- yet. The threat of quantum computing to network security is not immediate, because quantum algorithms cannot be efficiently deployed on classical computers. However, data that is being encrypted and stored today will certainly be at risk as large-scale quantum computers enter the market before that data reaches the end of its valuable life.

Taking preventive action today, before quantum computers are routinely commercially available, will prevent agencies from putting mission-critical data at risk.